Automation is one of the keys to consistent and meaningful AppSec adoption in an evolving world. Many organizations have taken the first step in integrating their development and operations teams to drive more efficient delivery of applications and innovation to the market. They have come a long way by aligning around the shared goal of […]
Posted in Agile, CI/CD & DevOps, Maturity Model (BSIMM)
In our on-demand webinar with Binoy Das (AWS) and Dave Meurer (Synopsys), you’ll learn how to manage security in your cloud DevSecOps processes with automation.
Posted in Agile, CI/CD & DevOps, Cloud Security, Webinars
In our on-demand webinar with Meera Rao (Synopsys), you’ll learn how to integrate SAST into DevOps using automation to find issues early in the SDLC and support DevOps velocity.
Posted in Agile, CI/CD & DevOps, Static Analysis (SAST), Webinars
In our on-demand webinar with Brendan Sheairs (Synopsys), you’ll learn about the fundamentals and challenges of building a Security Champions program to transform DevOps into DevSecOps.
Posted in Agile, CI/CD & DevOps, Security Training, Webinars
Interactive application security testing (IAST) and software composition analysis (SCA) are powerful technologies—and you need both in your security toolkit.
Posted in Agile, CI/CD & DevOps, Interactive Application Security Testing (IAST), Software Composition Analysis
This is the third post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in previous posts, developers are more likely to use SAST tools to improve application security when they integrate seamlessly into existing development workflows. While integration into […]
Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)
This is the second post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in the previous blog post, static analysis is more likely to have a significant impact on application security when it supports the goals of developers, rather […]
Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)
A little background on DO-178 We live with software failure every day—from cell phones and laptops that crash or hang to headline-grabbing stories of personal data breaches. Software has been used in safety-critical airborne applications for decades, but fatalities caused by software are unheard of in civil aviation. Why this difference? The reason is the […]
Posted in Agile, CI/CD & DevOps, Static Analysis (SAST), Weekly Security Mashup
What are the most common security challenges in CI/CD workflows? Organizations report CI/CD security challenges related to tools, approach, speed, false positives, developer resistance, and compliance. Meera Rao, director of the secure development practice at Synopsys, explains how to deal with each one effectively. In a recent webinar that I co-presented with Jay Lyman, principal […]
Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)
The timeless demand to reduce time to market has put DevOps in a position to solidify itself as a defining characteristic of modern SDLCs. While the need to accelerate software development is as old as software development is, the need to produce secure software is currently gaining traction in light of recent software security blunders. […]
Posted in Agile, CI/CD & DevOps
Get the latest Software Integrity news, thought leadership, and more.
